Method and system for protecting a computer system during boot operation
a computer system and boot operation technology, applied in the field of computer security systems, can solve the problems of unwanted, potentially harmful, unsolicited data traffic, internet has become, and is a target for intruders seeking to obtain unauthorized access or even outright control of the computer system
Active Publication Date: 2012-07-10
TREND MICRO INC
View PDF33 Cites 12 Cited by
- Summary
- Abstract
- Description
- Claims
- Application Information
AI Technical Summary
Benefits of technology
Provides continuous protection by inspecting packets during boot operation, preventing unauthorized access and ensuring secure network traffic even with newly installed network interfaces without requiring immediate administrator intervention.
Problems solved by technology
The Internet has become a place over which unwanted, potentially harmful, and otherwise unsolicited data traffic is transmitted.
Since complex computer systems and networks may not always be configured securely, and the installed software on computer systems often contains software defects and other vulnerabilities, they have become a target for intruders seeking to obtain unauthorized access or even outright control of a computer system.
Many computer systems which have firewall protection nonetheless have a window of vulnerability during the system startup, or during network reconfiguration where packets may be processed contrary to intended policy, possibly compromising or damaging the computer system.
This window of vulnerability occurs during boot operation, between the time at which system network drivers are configured and the later time at which normal user applications and higher level system management services controlling the network security policy may be activated.
There is also a window of vulnerability when network cards are added or reconfigured on the system while the system has been shut down.
However, such a policy may not be sufficient or may be too liberal, thus causing problems with normal system startup, or still exposing the computer system to some undesired access or attack during boot operation.
Method used
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View moreImage
Smart Image Click on the blue labels to locate them in the text.
Smart ImageViewing Examples
Examples
Experimental program
Comparison scheme
Effect test
Embodiment Construction
[0039]One form of software security architecture for an IPS (“Intrusion Prevention System”) or IDS (“Intrusion Detection System”) according to the embodiments of the present invention includes three main components, namely “Security Center”, “Deep Security Manager (DSM)”, and “Agent”, wherein:
“Security Center” is the server where IPS Filters, Detection Rules and Expressions are defined;
“DSM” is the server portion that runs within an enterprise to communicate to the Security Center to receive updates, run the Recommendation Engine, query the Agents, and distribute security configuration to the Agents; and
“Agent” is the software that performs the IPS / IDS operations on the computer system.
[0040]As is known in the art, the boot operation of a computer system primarily involves copying the operating system components from a storage device into main memory, so that it can be executed by one or more CPUs (Central Processing Units). The period of boot operation is typically considered compl...
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More PUM
Login to View More Abstract
A method for protecting a computer system from malicious network traffic is provided using a driver which inspects network packets. A security profile comprising packet inspection rules is compiled and stored on the computer system. During the startup or boot operation of an operating system, the driver loads the compiled security profile and inspects network packets using the inspection rules.
Description
RELATED APPLICATIONS[0001]The present invention claims priority from the U.S. provisional application to BOYCE, Kevin, Ser. No. 61 / 013,491 filed on Dec. 13, 2007 entitled “Network Protection During Boot Operation”, which is incorporated herein by reference.FIELD OF THE INVENTION[0002]The present invention relates to computer security systems, and in particular, to an improved method and system for protecting a computer system during boot operation.BACKGROUND OF THE INVENTION[0003]The Internet has become a place over which unwanted, potentially harmful, and otherwise unsolicited data traffic is transmitted. Since complex computer systems and networks may not always be configured securely, and the installed software on computer systems often contains software defects and other vulnerabilities, they have become a target for intruders seeking to obtain unauthorized access or even outright control of a computer system.[0004]This phenomenon has given rise to an industry providing various ...
Claims
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More Application Information
Patent Timeline
Login to View More Patent Type & Authority Patents(United States)
IPC IPC(8): G06F7/04G06F9/00
CPCG06F21/575G06F21/51
Inventor BOYCE, KEVIN GERARD
Owner TREND MICRO INC